CVE-2021-27036

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code

Published: Jul 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-27036
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2013	2013.x
autodesk / design_review	2012	2012.x
autodesk / design_review	2011	2011.x
autodesk / design_review	2017	2017.x
autodesk / design_review	2018-hotfix	2018-hotfix.x
autodesk / design_review	2018-hotfix2	2018-hotfix2.x
autodesk / design_review	2018-hotfix3	2018-hotfix3.x
autodesk / design_review	2018	2018.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Vulnerability Database

289,697

CVE-2021-27036